% % Introduction
\section{Introduction}
The GSM cellular system is today used by billions of customers
worldwide \cite{gsmass}. The system was first introduced in the early 1990's and
offered digitalized voice communication. It was designed to replace the earlier
European analogue cellular networks, which employed an uncoordinated mix of
technologies and protocols that varied from country to country.

GSM was also the first cellular system to offer protection against
eavesdropping on calls, phone cloning, and call theft. However, due to the
political attitude towards cryptology in the 1980's, when the system was
developed, civilians were not allowed to use strong cryptography. And as a
result it was decided that only the air-interface of GSM should be protected,
leaving the rest of the system unprotected.

Two kinds of protection was used to protect the air-interface: Encryption, to
protect the privacy of users, and cryptographic authentication of the
SIM\footnote{A secure hardware in the phone called the 'Subscriber Identity
Module'.}, to protect the network from unauthorized access. The identity of the
users is protected by pre-allocating a TMSI\footnote{A temporary identification
called the 'Temporary Mobile Subscriber Identity'.} to the mobile phone. In this
process the mobile phone identifies itself to the network, and the encryption
can commence once this process has completed.

% An outline of our paper (to be edited)
In this paper we will focus on the following attacks on GSM based on the
article \textit{``Instant Ciphertext-Only Cryptanalysis of GSM Encrypted
Communication''} by E. Barkan, E. Biham, and N. Keller, 2006 \cite{bbk}:
\begin{itemize}
  \item A passive known-plaintext attack on $A5/2$.
  \item A transformation of this attack on into a ciphertext-only attack on
  $A5/2$.
  \item A passive ciphertext-only attack on $A5/1$.
\end{itemize}
First, we will describe some details of the GSM protocol and the initial
process of the key-setup. Then we will look into the $A5/2$ and $A5/1$ ciphers,
including details on how the key-stream is generated. In the next sections we
will describe the attacks on the different ciphers. Furthermore, we will
describe the vulnerabilities in the GSM call-establishment protocol, as well as
explain some of the attack scenarios made possible by the these vulnerabilities
and the attacks on the ciphers.

Finally, we will conclude on our findings and discuss the weaknesses of the
system and the encryption algorithms used, as well as mention a few suggestions
on how to improve the security of GSM in the future.
